| VID |
26324 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS08-006, KB942830) for 'Remote Code Execution Vulnerability in IIS' has not been applied. Microsoft Internet Information Services (IIS) 5.1 through 6.0 could allow a remote attacker to execute arbitrary code on the system, caused by an input validation error when processing data passed to ASP pages. By passing malformed input to an ASP page hosted on a vulnerable installation of IIS, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.securitytracker.com/id?1019385
http://www.frsirt.com/english/advisories/2008/0508
http://secunia.com/advisories/28893
* Platforms Affected:
Microsoft Internet Information Server 5.1
Microsoft Internet Information Server 6.0
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2 |
| Recommendation |
Apply the appropriate patch (KB942830) for your system, as listed in Microsoft Security Bulletin MS08-006 at http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2008-0074 (CVE) |
| Related URL |
27101 (SecurityFocus) |
| Related URL |
39235,39237 (ISS) |
|
